software_91747972.exe

downer for windows

Riyue peer information technology (Beijing) Co., Ltd

The application software_91747972.exe by Riyue peer information technology (Beijing) Co. has been detected as a potentially unwanted program by 20 anti-malware scanners. This is a setup program which is used to install the application. This program installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent. The file has been seen being downloaded from www.onlinedown.net and multiple other hosts.
Publisher:

Product:
downer for windows

Version:
1.2.0.0

MD5:
137b4ddfcc2402fdaa4e068e65746e98

SHA-1:
85c080ed24f6841ec8c51b59f2b1151ae67e02cf

SHA-256:
21f38010b2e196415a593fa19264c9b6945c44f8f771c8e5df318f464eb2676d

Scanner detections:
20 / 68

Status:
Potentially unwanted

Analysis date:
12/26/2024 12:49:33 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Application.Bundler.KX
694

Agnitum Outpost
PUA.Downware
7.1.1

AhnLab V3 Security
Downloader/Win32.Banload
2015.03.11

Avira AntiVirus
Adware/Downware.1003520.5
7.11.215.236

avast!
Win32:Adware-gen [Adw]
2014.9-150313

Bitdefender
Application.Bundler.KX
1.0.20.360

Dr.Web
Adware.Downware.9666
9.0.1.072

Fortinet FortiGate
W32/Banker.I!tr.pws
3/13/2015

F-Secure
Application.Bundler.KX
11.2015-13-03_6

G Data
Application.Bundler.KX
15.3.25

IKARUS anti.virus
Hoax.Win32.ArchSMS
t3scan.1.8.6.0

K7 AntiVirus
Riskware
13.200.15223

Malwarebytes
PUP.Optional.Downloader
v2015.03.13.10

McAfee
RDN/PWS-Banker.dldr!i
5600.6828

MicroWorld eScan
Application.Bundler.KX
16.0.0.216

NANO AntiVirus
Riskware.Win32.Downware.doahim
0.30.0.296

Rising Antivirus
PE:Trojan.Win32.Generic.1832433E!405947198
23.00.65.15311

Vba32 AntiVirus
suspected of Trojan.Downloader.gen.h
3.12.26.3

VIPRE Antivirus
Trojan.Win32.Generic
38312

ViRobot
Trojan.Win32.Agent.1002496.A[h]
2014.3.20.0

File size:
979 KB (1,002,496 bytes)

Product version:
1.2.0.0

Copyright:
Riyue peer information technology (Beijing) Co., Ltd

Original file name:
downer

File type:
Executable application (Win32 EXE)

Language:
Chinese (Simplified, PRC)

Digital Signature
Authority:
Thawte, Inc.

Valid from:
2/20/2014 1:00:00 AM

Valid to:
2/21/2015 12:59:59 AM

Subject:
CN="Riyue peer information technology (Beijing) Co., Ltd", OU=departmentof commerce, O="Riyue peer information technology (Beijing) Co., Ltd", L=beijing, S=beijing, C=CN

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
5EF67E737811F4602210D3F817327CE7

File PE Metadata
Compilation timestamp:
1/23/2015 10:37:28 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:s+xyDKkPV8QcgmBOXosPwB+PYpmlk167hXD/srfI3SpLfdn:aKqVi4X6B+QpNIdXD/srfI3Sp7dn

Entry address:
0x244F70

Entry point:
60, BE, 00, 90, 55, 00, 8D, BE, 00, 80, EA, FF, C7, 87, F8, 69, 17, 00, B4, 2D, 65, E4, 57, 83, CD, FF, EB, 0E, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, EF, 75, 09, 8B, 1E, 83, EE, FC, 11, DB, 73, E4, 31, C9, 83, E8, 03, 72, 0D, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 74, 89, C5, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB...
 
[+]

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 -v1.22 (Delphi) stub

Code size:
948 KB (970,752 bytes)

The file software_91747972.exe has been seen being distributed by the following 4 URLs.

http://www.onlinedown.net/.../index2.php?ver=2015 ?&name=????&id=7677&token=c819d08e7ebb931f9d5787c68570d372

Remove software_91747972.exe - Powered by Reason Core Security